Damn Vulnerable Web Application (DVWA): Difference between revisions
(replace /etc/init.d with rc-service) |
|||
(8 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
For testing web security tools a target which has plenty vulnerabilities is needed. The [ | For testing web security tools a target which has plenty vulnerabilities is needed. The [https://github.com/digininja/DVWA Damn Vulnerable Web Application (DVWA)] provides a PHP/MySQL web application that is damn vulnerable. | ||
== Install lighttpd, PHP, and MySql == | |||
{{:Setting Up Lighttpd With FastCGI}} | {{:Setting Up Lighttpd With FastCGI}} | ||
Install extra packages: | Install extra packages: | ||
= Installing and configuring | {{Cmd|# apk add php5-mysql mysql mysql-client}} | ||
== Installing and configuring DVWA == | |||
Create the a folder named {{Path|webapps}} | |||
{{Cmd|# mkdir -p /usr/share/webapps/}} | |||
Download the source archive and unpack it: | |||
{{Cmd|$ cd /usr/share/webapps/ | |||
# wget <nowiki>https://github.com/digininja/DVWA/archive/refs/tags/v1.9.zip/nowiki>}} | |||
Unpack the archive and remove it | Unpack the archive and remove it: | ||
{{Cmd|unzip | {{Cmd|# unzip v1.9.zip | ||
rm | # rm v1.9.zip}} | ||
Change the folder permissions | Change the folder permissions: | ||
{{Cmd|chmod -R 777 /usr/share/webapps/}} | {{Cmd|# chmod -R 777 /usr/share/webapps/}} | ||
Create a symlinks to the folder ''dvwa'' | Create a symlinks to the folder ''dvwa'' | ||
{{Cmd|ln -s /usr/share/webapps/dvwa/ /var/www/localhost/htdocs/dvwa}} | {{Cmd|# ln -s /usr/share/webapps/dvwa/ /var/www/localhost/htdocs/dvwa}} | ||
= | == Configure and start MySql == | ||
{{Cmd|<nowiki>/usr/bin/mysql_install_db --user=mysql | {{Cmd|<nowiki># /usr/bin/mysql_install_db --user=mysql | ||
# rc-service mariadb start && rc-update add mariadb default | |||
/usr/bin/mysqladmin -u root password 'password'</nowiki>}} | # /usr/bin/mysqladmin -u root password 'password'</nowiki>}} | ||
Modify the database credentials within DVWA configuration file | Modify the database credentials within DVWA configuration file {{Path|/config/config.inc.php}} | ||
{{Cmd|nano -w /usr/share/webapps/dvwa/config/config.inc.php}} | {{Cmd|# nano -w /usr/share/webapps/dvwa/config/config.inc.php}} | ||
To complete the setup, browse to the DVWA directory on the webserver. | To complete the setup, browse to the DVWA directory on the webserver. | ||
http://WEBSERVER_IP_ADDRESS/dvwa | <nowiki>http://WEBSERVER_IP_ADDRESS/dvwa</nowiki> | ||
Follow the link to setup the database. | Follow the link to setup the database. | ||
[[Category:PHP]] | [[Category:PHP]] [[Category:SQL]] [[Category:Security]] | ||
[[Category:SQL]] |
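Review bot: the new wget line ends its URL with `/nowiki>` instead of `</nowiki>`, so neither the nowiki tag nor the Cmd template closes, and everything from the unzip step through the mysqladmin command renders as one run of raw markup; restore the missing `<`. Two smaller points on the same hunk: `apk add php5-mysql` no longer matches the php82 packages installed by the transcluded lighttpd page, and `chmod -R 777 /usr/share/webapps/` is carried over unchanged where a narrower mode on only the paths the web server writes to would do.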
Latest revision as of 10:03, 17 November 2023
Testing web security tools requires a target with plenty of vulnerabilities. The Damn Vulnerable Web Application (DVWA) provides a PHP/MySQL web application that is damn vulnerable.
Install lighttpd, PHP, and MySql
Basic Installation
For installing the additional packages first activate community packages and update the package index
Install the required packages:
# apk add lighttpd php82 fcgi php82-cgi
Configure Lighttpd
Edit lighttpd.conf (/etc/lighttpd/lighttpd.conf) and uncomment the line:
Contents of /etc/lighttpd/lighttpd.conf
Edit mod_fastcgi.conf (/etc/lighttpd/mod_fastcgi.conf), find and change /usr/bin/php-cgi to /usr/bin/php-cgi82.
Contents of /etc/lighttpd/mod_fastcgi.conf
Start lighttpd service and add it to default runlevel
# rc-service lighttpd start
# rc-update add lighttpd default
Install extra packages:
# apk add php5-mysql mysql mysql-client
Installing and configuring DVWA
Create a folder named webapps:
# mkdir -p /usr/share/webapps/
Download the source archive and unpack it:
$ cd /usr/share/webapps/
# wget https://github.com/digininja/DVWA/archive/refs/tags/v1.9.zip
Unpack the archive and remove it:
# unzip v1.9.zip
# rm v1.9.zip
Change the folder permissions:
# chmod -R 777 /usr/share/webapps/
Create a symlink to the folder dvwa:
# ln -s /usr/share/webapps/dvwa/ /var/www/localhost/htdocs/dvwa
Configure and start MySql
# /usr/bin/mysql_install_db --user=mysql
# rc-service mariadb start && rc-update add mariadb default
# /usr/bin/mysqladmin -u root password 'password'
Modify the database credentials within the DVWA configuration file /config/config.inc.php:
# nano -w /usr/share/webapps/dvwa/config/config.inc.php
To complete the setup, browse to the DVWA directory on the webserver.
http://WEBSERVER_IP_ADDRESS/dvwa
Follow the link to set up the database.
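The chmod -R 777 step above leaves every file under /usr/share/webapps/ writable by any local account. The script below is an added example, not part of the wiki page: it lists world-writable entries and narrows them to 755/644, keeping group write only on paths you name. The function names and the demo tree are constructed, and which paths the web server actually needs to write to is an assumption to confirm on your install.

```shell
#!/bin/sh
# Added example: audit and narrow the permissions left by `chmod -R 777`.
# The demo tree below is constructed; it is not DVWA's real layout.

# Print every file or directory under $1 that any local user may write to.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Number of world-writable entries under $1.
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Reset $1 to 755 (directories) and 644 (files). Each further argument is a
# path relative to $1 that the web server must write to (an assumption you
# supply); those paths get group write, so set their group to the server's.
tighten_perms() {
    root=$1; shift
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
    for rel in "$@"; do
        [ -e "$root/$rel" ] || { echo "skip: $root/$rel not found" >&2; continue; }
        find "$root/$rel" -type d -exec chmod 775 {} +
        find "$root/$rel" -type f -exec chmod 664 {} +
    done
}

# Build a constructed tree in the state `chmod -R 777` leaves behind.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/app/config" "$d/app/uploads"
    : > "$d/app/index.php"
    : > "$d/app/config/config.inc.php"
    chmod -R 777 "$d"
    echo "$d"
}

demo() {
    tree=$(make_demo_tree)
    echo "before: $(count_world_writable "$tree") world-writable entries"
    tighten_perms "$tree" app/uploads
    echo "after:  $(count_world_writable "$tree") world-writable entries"
    rm -rf "$tree"
}

demo
```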